Description
Gather, analyze, and evaluate security data from networks, endpoints, cloud platforms, and threat intelligence sources. Use cyber threat intelligence and analytics to anticipate, detect, and prevent attacks such as ransomware, data breaches, and nation-state intrusions.
- Predict emerging cyber threats and attacker activity using analyses of logs, alerts, and threat intelligence.
- Study malware, ransomware, phishing, DDoS, insider threats, APTs, and other cyber risks.
- Design, use, or maintain SIEM, SOAR, EDR, and security analytics platforms, including machine learning tools.
- Build adversary profiles and TTP mappings to connect campaigns, infrastructure, and actors.
- Analyze network traffic, authentication logs, and communications metadata to determine intrusion scope and impact.
- Collect and evaluate data from packet captures, endpoint telemetry, email gateways, and sandboxed artifacts.
- Gather cyber intelligence from OSINT, commercial feeds, ISACs, vulnerability databases, and internal telemetry.
- Correlate data from multiple sources to produce actionable findings and prioritize response.
- Link indicators of compromise, domains, IPs, and hashes to incidents and threat groups.
- Operate and tune monitoring, detection, and forensic tools to capture and document adversary activity.
- Prepare incident reports, briefings, dashboards, diagrams, and timelines for technical and executive audiences.
- Develop and maintain detection rules, SIEM correlations, and alerting strategies for high-risk behaviors.
- Analyze command-and-control, data exfiltration, and attacker monetization channels, including cryptocurrency flows when relevant.
- Validate indicators and assessments by cross-checking them against additional sources and internal investigations.
- Collaborate with SOC, IT, cloud, risk, legal, and external partners or information-sharing groups to coordinate defenses.
- Develop and recommend defense strategies, hardening standards, and response playbooks based on intelligence.
- Conduct user, admin, and responder interviews to collect context and improve understanding of an incident.
- Decode or analyze protocols, logs, scripts, or encoded content, applying knowledge of encryption and the network stack.
- Identify patterns, trends, and attacker techniques using frameworks such as MITRE ATT&CK.
- Present analytic findings and risk assessments to stakeholders and leadership.
- Identify visibility gaps and telemetry needs; recommend sensors, log sources, or data quality improvements.
Related Pathways
Public Service & Safety
Source
Tasks & skills:
O*NET occupational data (work activities, skills, knowledge).
Sources & Standards:
This site includes information from O*NET by the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA), used under the CC BY 4.0 license. Career Clutch has modified some of this information for student readability. USDOL/ETA has not approved, endorsed, or tested these modifications. O*NET® is a trademark of USDOL/ETA.
Last reviewed: Jan 2026